[squid-users] Question about: ext_session_acl Splash/Portal solution.

Klaus Tachtler klaus at tachtler.net
Sun Oct 15 18:17:33 UTC 2017


Hi Amos,

after a little bit more testing, of course I must agree with you, it  
doesn't work as expected.

Please can you give me another advice? Where is my fault?

I tried to use the *ACTIVE* example from the squid documentation and  
modified it a little bit on 3 parts of the code, BUT a LOOP are still  
there!

https://wiki.squid-cache.org/ConfigExamples/Portal/Splash#Squid_Configuration_File_-_Active_Mode

--- code ---

# Set up the session helper in active mode. Mind the wrap - this is  
one line: - *MODIFIED* - (all in one line)
external_acl_type session concurrency=100 ttl=3 negative_ttl=0  
children-max=1 %LOGIN /usr/lib64/squid/ext_session_acl -a -T 60 -b  
/var/lib/squid/sessions/

# Pass the LOGIN command to the session helper with this ACL
acl session_login external session LOGIN

# Normal session ACL as per simple example
acl session_is_active external session

# ACL to match URL - *MODIFIED* -
acl clicked_login_url url_regex -i http://my.pages.net/html/accept.php

# First check for the login URL. If present, login session
http_access allow clicked_login_url session_login

# If we get here, URL not present, so renew session or deny request.
http_access deny !session_is_active

# Deny page to display - *MODIFIED* - NOT using a template with HTML-Code 511!
deny_info http://my.pages.net/html/splash.php?url=%u session_is_active

--- code ---

If you want, I can share the code from the pages
- http://my.pages.net/html/accept.php
- http://my.pages.net/html/splash.php?url=%u
too?

The idea behind the two PHP pages are, to store the original URL with  
the splash.php inside a PHP session and make a redirect inside the  
accept.php to the original URL.


Thank you for your time and your patience with me!
Klaus.

> On 15/10/17 10:02, Klaus Tachtler wrote:
>> Hi Amos,
>>
>>> On 14/10/17 04:40, Klaus Tachtler wrote:>
>>>> Why I'm on a loop between splash page and accept page?
>>>
>>>
>>> You have two *separate* active (-a) session contexts going on  
>>> simultaneously. They are both fighting over the session database.
>>
>> Oh my god, to delete "-a" on the "session_active_def" was the solution.
>> I was searching hours and hours for that!
>>
>> Thank you so much for the simple line you wrote to me!
>
> If that is the only change you made it is still not solved either,  
> your sessions will never end.
>
> You need *one* session. You get to pick active or passive:
>
> * Active has specific ACLs for LOGIN/LOGOUT/test.
>  - for when the clicked URL just *has* to be the specific one.
>
> * Passive has only one ACL for atomic test+login.
>  - for when either click OR refresh OR any other page fetch is  
> enough to continue.
>  - every test of the ACL updates the session timestamp not to expire.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


----- Ende der Nachricht von Amos Jeffries <squid3 at treenet.co.nz> -----




-- 

------------------------------------------
e-Mail  : klaus at tachtler.net
Homepage: http://www.tachtler.net
DokuWiki: http://www.dokuwiki.tachtler.net
------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 3120 bytes
Desc: Öffentlicher PGP-Schlüssel
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171015/6f44c6b3/attachment.key>


More information about the squid-users mailing list